Introduction to PAS 127:2014 Checkpoint security screening of people and their belongings Guide

Similar documents
THE EQUIPMENT THE SOLUTION THE CHALLENGE THE THREAT

Optimal Technologies Proof of Concept Trial Report

Searching, screening and confiscation. Advice for headteachers, school staff and governing bodies

Procuring Penetration Testing Services

Scanna Postal Screening Equipment

PRSSO212A Screen people and items

Aon Risk Solutions Aon Crisis Management. Crisis Management Consulting Terrorism Probable Maximum Loss (PML) Studies

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014

ITIL Managing Digital Information Assets

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014

Security Policy and Procedures

A specification for security-minded building information modelling, digital built environments and smart asset management

Risk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC

NHS HDL (2006)41 abcdefghijklm. = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé

The use of body scanners for aviation security screening in Australia: Privacy Impact Assessment

and in environments up to 80º F (27º C). Introducing Millivision s Next-Generation Low Cost Passive Millimeter X350 Scanning System.

The potential legal consequences of a personal data breach

Recommendations to improve the safety of existing lifts

Bus incident management planning: Guidelines

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

London 2012 Olympic Safety and Security Strategic Risk. Mitigation Process summary Version 2 (January 2011) Updated to reflect recent developments

DIVISION OF INFORMATION SECURITY (DIS)

The EC Joint Research Centre on Aviation Security

Franklin Technology Center s Code of Conduct

06100 POLICY SECURITY AND INFORMATION ASSURANCE

RISK CONTEXT STATEMENT

Section A: Introduction, Definitions and Principles of Infrastructure Resilience

RECOMMENDED PRACTICE 1701h

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

STATEMENT OF JOHN ROTH INSPECTOR GENERAL U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM

A Risk Assessment Methodology (RAM) for Physical Security

CODE OF CONDUCT AND ETHICS

Securing safe, clean drinking water for all

Remote Access and Home Working Policy London Borough of Barnet

NOTE: DO NOT PULL FIRE ALARM IF A DEVICE IS OBSERVED OR FOR BOMB THREAT.

Safety Regulation Group SAFETY MANAGEMENT SYSTEMS GUIDANCE TO ORGANISATIONS. April

THE STRATEGIC POLICING REQUIREMENT. July 2012

REGULATIONS ON OPERATIONAL RISK MANAGEMENT OF THE BUDAPEST STOCK EXCHANGE LTD.

RESPONSIBLE CARE SECURITY CODE OF MANAGEMENT PRACTICES

Business Continuity Planning and Disaster Recovery Planning

Risks and uncertainties

Parliamentary Security Camera Policy

TICSA. Telecommunications (Interception Capability and Security) Act Guidance for Network Operators.

STANDARD OPERATING PROCEDURE FOR DEALING WITH ANY TERRORIST ATTACK ON SCHOOLS.

Mitigating and managing cyber risk: ten issues to consider

HMG Security Policy Framework

Code of Conduct on the Safety and Security of Radioactive Sources

Managing cyber risk the global banking perspective

2.6 Personnel and Goods Check Procedures upon Accessing Security Restricted Areas

E3211. DOT Hazmat Security Awareness. Leader s Guide

Cyber Security Evolved

The PNC Financial Services Group, Inc. Business Continuity Program

"DOT IN-DEPTH HAZMAT SECURITY TRAINING"

Protecting the Palace: Cardholder Data Environments, PCI Standards and Wireless Security for Ecommerce Ecosystems

Data Loss Prevention Program

TSA Advanced Imaging Technology

of the Chancellor Subject: SEARCH & SEIZURE Page: 1 of 1 Issued: 9/13/05 SUMMARY OF CHANGES

How To Understand The Differences Between The 2005 And 2011 Editions Of Itil 20000

PREVIEW COPY. The picture is not clear. How many CCTV surveillance cameras in the UK? A study by the BSIA. July Form No. 195 Issue 1.

IMO CONSIDERATION AND ADOPTION OF THE INTERNATIONAL SHIP AND PORT FACILITY SECURITY (ISPS) CODE

Petfre (Gibraltar) Ltd t/a Betfred.com Settlement following a licence review - public statement June 2016

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline

CITY UNIVERSITY OF HONG KONG Information Security Incident Management Standard

INFORMATION TECHNOLOGY SECURITY STANDARDS

SAFETY and HEALTH MANAGEMENT STANDARDS

The data which you put into our systems is yours, and we believe it should stay that way. We think that means three key things.

Public and Products Liability Amendments for Manufacturing

Standard Operating Procedures

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

OAKPARK SECURITY SYSTEMS LIMITED. Health & Safety Policy. Requests or suggestions for amendment to this procedure

Fire Safety Risk Assessment Checklist for Residential Care Premises

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy

WORKPLACE VIOLENCE POLICY

BEDFORD DESIGN GROUP REPORT NUMBER ASBESTOS SURVEY AT: ALL HALLOWS CAR PARK GREENHILL BEDFORD

Market Watch. Trade volume advertising: Considerations for firms and individuals relating to risks of market abuse. Contents

Information for Law Firms from the Employment & Equality Law Committee. Sample Health & Safety Policy

ISO27001 Controls and Objectives

Moving from BS to ISO The new international standard for business continuity management systems. Transition Guide

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

Committees Date: Subject: Public Report of: For Information Summary

KNOW YOUR RIGHTS: AIRPORT SECURITY AND TRANSGENDER PEOPLE Updated March 2014

ACCIDENT & INCIDENT RECORDING AND REPORTING POLICY

Appendix 6c. Final Internal Audit Report Disaster Recovery Planning. June Report 6c Page 1 of 15

REQUIREMENTS RESPECTING THE SECURITY OF OFFSHORE FACILITIES

Statement of objective MALLS & MULTIPLEXES

EVENT SAFETY MANAGEMENT PLAN. A Small/ Medium Scale Event

Deterring Identity Theft. The Federal Trade Commission estimates that as many as 9 million Americans have their identities stolen each year.

Transcription:

Introduction to PAS 127:2014 Checkpoint security screening of people and their belongings Guide

Introduction PAS 127:2014 is a guide to checkpoint security screening of people and their belongings within your organization. The PAS contains everything you need to help identify and implement checkpoint security screening measures that address the issues your organization faces. This booklet provides an introduction to PAS 127:2014 and should not be used as a substitute for obtaining, reading, and acting on PAS 127:2014 itself. An unfortunate feature of modern society is that buildings, sites, sporting and other public events may all be targets for terrorist or other malicious attacks. It is necessary to remain vigilant, to prevent such attacks as well as protect people and infrastructure from their effects. PAS 127:2014 is the first publication of its kind to present guidance on good practice for checkpoint security screening of people and their belongings in buildings and at large events. It has been developed using information derived from a wide range of security experts in industry, government, academia and law enforcement agencies. Insufficient or inappropriate security measures may be ineffective at reducing the risk of adverse incidents and in some cases may even increase this risk. Conversely, excessive measures will result in unnecessary expense and use of staff and space, and are likely to interfere with the normal functioning of the site or event being protected.

PAS 127:2014 addresses the scarcity of information on checkpoint security screening in non-regulated environments. It aims to give guidance on good practice for setting up checkpoint security systems in public spaces, government and other sensitive buildings, secure sites, large sporting and other public events. A complete process is outlined, from assessing the risk, establishing security requirements and selecting screening strategies through to the deployment of suitable methods and equipment. Although the main focus is on permanent checkpoints, the same underlying principles apply to the installation of temporary checkpoints, for example, at large public events. This guidance should be useful to all those responsible for designing and delivering security systems and procedures for checkpoint screening. It will be of interest to equipment manufacturers, procurement managers, policy makers and the Government. Security is a complex issue. Security screening may be regarded as a system, the function of which is dependent on its components, the interactions between them and the environment. Therefore a systems approach has been used in PAS 127:2014. It considers people, processes, information and technologies. PAS 127:2014 was commissioned by the Home Office Centre for Applied Science and Technology (CAST). Its development was facilitated by the British Standards Institution (BSI) with input from a panel of industry experts 1. 1) See back cover This booklet provides an introduction to PAS 127:2014. The full version is available to order from http://shop.bsigroup.com/pas127. Who is it for? PAS 127:2014 gives guidance and recommendations for checkpoint security screening of people, and their bags and possessions, for non-regulated applications. This includes both permanent and temporary installations at government and private buildings, events and sporting venues in public spaces or on private land. The PAS focuses on the detection of weapons and explosive threat items but the methodology can equally be applied to address other threats that an organization may face. PAS 127:2014 is primarily aimed at anyone who has responsibility for specific planning and/or delivering security operations at venues in either the private or public sector. It will also be of interest to equipment manufacturers, procurement managers and policy makers. The PAS provides a framework for assessing risk and identifying screening requirements, and then specifying and delivering appropriate solutions. Key benefits and limitations of common screening methods and technologies are also summarized. The PAS has been deliberately kept flexible: users may tailor the recommendations to suit the particular requirements of their own organization or event, whilst still adhering to the principles of good practice.

Outline of PAS 127 process The organization and/or its appointed security contractors should conduct a comprehensive assessment of risk. This assessment should include the consideration of the organization s vulnerabilities, the possible threats, the likelihood of a malicious attack and the potential impact of such an attack, the recording of this information and actions taken to manage or mitigate the risk. The organization should record the findings of the risk assessment, formally stating its requirements for security screening. Based on its requirements, and if required, the organization should identify appropriate screening strategies and identify solutions in the form of security screening technologies and methods. These should be implemented accordingly with regular review. Ad hoc adoption of individual measures described in this PAS can lead to the implementation of an inadequate screening capability, or to unsafe practices. For these reasons the whole process should be followed if checkpoint screening measures are required. PAS 127 also includes three informative annexes. Annex A presents the factors which should be considered when choosing the best location for a checkpoint screening facility. In the majority of cases this will be a retrospective installation inside an existing building. Checkpoint design considerations are also discussed for new buildings and for temporary installations at events. Annex B presents a list of British and international standards relevant to security screening with a brief synopsis of each. Annex C gives general guidance through a list of actions that may form part of an emergency response to the discovery of a high impact threat such as an explosive device. The proportionality of the response to the potential severity of the threat is discussed.

Summary of PAS 127 process Assessing the risk (Clause 4) Assess the organization s vulnerabilities (4.1) Assess the threat; type, location and attack method (4.2.2) Consider likelihood of a successful attack (4.2.3) Estimate impact; loss of life, serious injury, financial, disruption, structural and reputational damage (4.2.4) Record and present results (4.3) Manage and mitigate risk (4.4) Review (4.5) Security screening requirements (Clause 5) Estimate people flow and throughput (5.2) Identify location for screening facilities (5.4) Consider associated security measures (5.5) Consider the checkpoint layout (5.6) Record the operational requirements (5.7) Select screening strategy commensurate with the risk (Clause 6) Identify mix of screening methods and technologies (Clause 7) People Bags and possessions Manual search (7.2.2.1) Manual search (7.2.3.1) Metal detectors: X-ray (7.2.3.2) Walk-through (7.2.2.2) Explosives trace detection (7.2.3.3) Hand-held (7.2.2.3) Body scanners (7.2.2.4) General security measures (8.2) Management and responsibility (8.3) Operating procedures (8.4) Checkpoint design and layout (8.5) Equipment ownership (8.6) Implementation and deployment (Clause 8) Human factors (8.7) Health and safety (8.8) Security procedures (8.9) Authority/consent to screen (8.10) Privacy and ethical issues (8.11) Continuously monitor and review effectiveness of security system (Clause 9)

Common security screening methods and technologies Method Objects detected Alarm resolution Notes People screening Manual search All carried objects: explosives; knives; other suspicious items. Often used to resolve WTMD or other alarms. Requires no technology. Effective if carried out thoroughly. Staff intensive and time consuming. May be seen as invasive. Hand search usually same gender only. Disguised threat items and threat items hidden in other objects may not be identified. Health and safety issues when sharp items may be present. Walkthrough metal detector (WTMD) Large and small metal items: metallic knives; metal components of explosive devices. Manual search or HHMD required to resolve alarms. Requires separate checking of divested carried objects. Fast and automatic, but requires alarm resolution. Does not detect non-metallic threat items. Sensitivity can be adjusted. Potential for high nuisance and false alarm rates. Some WTMDs indicate height above ground of metallic items. Requires correct set-up, on stable floor away from moving metal objects. Hand-held metal detector (HHMD) Large and small metal items: metallic knives; metal components of explosive devices. Can be used as part of WTMD alarm resolution process. Slower than WTMD for primary screening. Can be set to detect very small metal threat items that are then resolved by thorough inspection. Does not detect non-metallic threat items. Requires correct operator use. Body scanners, e.g. millimetre wave imagers and portals, X-ray backscatter imagers Large and small concealed objects of all types, including: explosives; knives; other suspicious items. Directed manual search required to resolve alarms. Detects metallic and non-metallic threat items. High purchase and running costs compared with other techniques. Locates suspicious objects to facilitate alarm resolution. Throughput relatively slow. Privacy issues need to be taken into account, however, newer automated systems do not display actual images. Requires comprehensive operator training. Perceived safety risk with X-ray backscatter technologies.

Method Objects detected Alarm resolution Notes Bag/possessions screening Manual search All contained objects: explosives; knives; other suspicious items. Often used to resolve X-ray or other alarms. Requires no technology. Effective if carried out thoroughly. May be staff intensive and time consuming. May be seen as invasive. Disguised threat items and threat items hidden in other objects may not be detected. Health and safety considerations for sharp items. Thoroughness and speed can be tailored according to requirements. X-ray All contained objects: explosives; knives; other suspicious items; disguised threat items and threat items concealed inside other objects. Requires an alarm resolution process such as manual search of suspect bags/ possessions. Requires specially trained operators. Requires regular safety checks. Explosives Trace Detection (handheld or desktop) (ETD) Explosives (indication that person/bag may have been in the presence of traces of explosives or other contaminated items). Explosives trace detector (ETD) systems may detect explosives particulate traces and/or vapours. Can be used as a secondary screening technique following X-ray bag screening to increase confidence that no explosive threat items are present. Generally requires collection of particulate material from surfaces or sampling of airborne vapours for analysis in the ETD system. Usually applied to bags and possessions. ETD can also be used to screen people by taking swabs of personal items that are frequently touched, such as mobile phones or wallets. A trace detection alarm does not necessarily mean that a bulk quantity of explosives is present. ETD systems do not address non-explosive threats. Requires specially trained operators.

PAS 127 provides comprehensive guidance to help organizations identify and implement effective checkpoint security screening measures. Acknowledgement PAS 127 was sponsored by the Home Office Centre for Applied Science and Technology (CAST), who provided the initial draft for development. Its production was facilitated by the British Standards Institution (BSI). In addition we would like to thank the following contributing organizations: Airlock Aviation BAA Centre for the Protection of National Infrastructure Defence Science and Technology Laboratory Department for Transport Glasgow 2014 Ltd Home Office Iconal Technology Ltd Metropolitan Police Service Security Industry Authority Security Institute Sodexo Acknowledgement is also given to the wider review panel who were consulted in the development of PAS 127. How to order a copy Copies of PAS 127 can be purchased from http://shop.bsigroup.com/pas127 BSI 389 Chiswick High Road London W4 4AL United Kingdom www.bsigroup.com